Attorney Docket: 231 9P 

Amendments to The Claims: 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 
Listing of Claims: 

1 (Currently Amended) A method for increasing security of a software program by 
obfuscation of program execution flow, wherein the software program is executed on a 
computer system that includes a user-level protected mode and a kernel-level 
unprotected mode, the method comprising tho stops of : 

(a) identifying critical code segments to be hidden in the software program; 

(b) executing non-critical portions of the software program in the user-level 
protected mode , wherein an execution path of the non-critical portions is 
visible to a debugger program executing in the user-level protected mode : 
and 

(c) executing the critical code segments within respective exception handlers. 
in the kernel-level unprotected mode , wherein an execution path of the 
critical code segments is hidden thorobv h i d i ng oxocut i on of tho cr i t i ca l 
oodo sogmonts from ar-the debugger program executing in the user-level 
protected mode . 

2 (Currently Amended) The method of claim 1 wherein the identifying stee-(a) 
further includes tho stop of 



2 



Attorney Docket: 231 9P 

(i) inserting an exception set-up liandler into tine software program 
that sets-up the exception handlers so that the exception handlers 
will be invoked during program execution. 

3 (Currently Amended) The method of claim 2 wherein stee -the identifying (a) 
further includes th e st e p : 

(ii) inserting an in-line code segment in the software program, wherein the in- 
line code segment sets up and executes the exception set-up handler during program 
execution. 

4 (Currently Amended) The method of claim 1 wherein stee -the identifying (a) 
further includes tho stop of : 

(1) inserting a kernel level driver in the software program that sets-up 
the exception handlers so that the exception handlers will be 
invoked during program execution. 

5 (Currently Amended) The method of claim 4 wherein stee -the identifying (a) 
further Includes tho stop of : 

(ii) inserting an in-line code segment in the software program, wherein 
the in-line code segment invokes the kernel-level driver, thus 
causing the exception handlers to be invoked during program 
execution. 
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6 (Currently Amended) The method of claim 3 further including th e st e p of : using 
the set-up handler to initiate a set-up of debug registers, such that the critical code 
segments in the exception handlers are executed at appropriate times during the 
program execution. 

7 (Currently Amended) The method of claim 6 further including th e st e p of : 
executing the in-line code segment prior to a point in the program flow where any of the 
critical code segments was removed for placement into the exception handlers. 

8 (Currently Amended) The method of claim 7 further including th e st e p of : using 
the in-line code segment to install the exception set-up handler on an exception handler 
linked list for a current thread, such that when an exception occurs, the operating 
system hands control to the exception set-up handler for execution. 

9 (Currently Amended) The method of claim 8 further including tho stop of : 
removing the exception set-up handler from the linked list after execution. 

1 0 (Currently Amended) The method of claim 8 further including th e st e p of : 
inserting each of the exception handlers into the linked list. 

1 1 (Currently Amended) The method of claim 1 0 further including tho stop of : when 
an exception is raised to the operating system, handing control down the linked list until 
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one of the exception handlers determines that the exception is one that the exception 
handler is designed to handle. 

1 2 (Currently Amended) The method of claim 1 1 further including th e st e p of : if the 
exception is one for which the current exception handler was designed to handle, 
executing the critical code segment included in the current exception handler. 

1 3 (Currently Amended) The method of claim 1 2 further including th e st e p of : if the 
exception is one for which the exception set-up handler was designed to handle, setting 
a return address for the exception set-up handler when the exception processing 
completes. 

1 4 (Currently Amended) The method of claim Error! Roforonco source not found. . 
13_further including tho stop of : modifying debug registers during execution of the 
exception handlers such that any number of exception handlers may be daisy chained. 

1 5 (Currently Amended) A method for increasing security of a software program by 
obfuscation of the software program execution flow, the method comprising tho stops 
©f: 

(a) partitioning the software program into code segments, each code segment 
having a particular location within the program execution flow; 

(b) identifying one or more critical code segments; 
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encapsulating the critical code segments in respective exception handlers; 
and 

.during software program execution, executing the code segments in a 
user-level protected mode In their respective relative location with the 
program execution flow, wherein an execution path of the code segments 
is visible to a debugger program executing in the user-level protected 
mode, and executing the exception handlers containing the critical code 
segments in a kernel-level unprotected mode in their respective relative 
location within the program execution flow , wherein an execution path of 
the critical code segments is hidden from the debugger program executing 
in the user-level protected mode . 

1 6 (Currently Amended) A method for obfuscation of computer program execution 
flow to increase computer program security, the method comprising tho stops of : 

(a) breaking the computer code into a plurality of code segments, and 
identifying critical code segments to be obfuscated; 

(b) embedding each of one or more critical code segments within 
respective first exception handlers , wherein when the computer 
program is executed, the critical code segments are executed 
within the respective first exception handlers in a kernel-level 
unprotected mode, wherein an execution path of the critical code 
segments is hidden from a debugger program executing in a user- 
level protected mode : 



(c) 
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(c) providing an exception set-up handler to set up operation of the 
first exception handlers; 

(d) embedding an in-line code segment within a first one of the 
remaining plurality of code segments for setting up and invoking 
the exception set-up handler , wherein when the computer program 
is executed, the remaining plurality of code segments are executed 
in the user-level protected mode, wherein an execution path of the 
remaining plurality of code segments is visible to the debuocer 
program executing in the user-level protected mode . 

1 7 (Currently Amended) The method of claim 1 6 wherein stee -the providing (c) 
further includes tho stop of : using the set-up handler to initiate a set-up of debug 
registers, such that the critical code segments in the exception handlers are executed at 
appropriate times during the program execution. 



1 8 (Currently Amended) The method of claim 1 6 wherein step -the embedding (d) 
further includes th e st e p of : executing the in-line code segment prior to a point in the 
program flow where any of the critical code segments was removed for placement into 
the exception handlers. 



1 9 (Currently Amended) The method of claim 1 8 further including tho stop of : using 
the in-line code segment to install the exception set-up handler on an exception handler 
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linked list for a current thread, such that when an exception occurs, the operating 
system hands control to the exception set-up handler for execution. 

20 (Currently Amended) The method of claim 1 9 further including th e st e p of : 
removing the exception set-up handler from the linked list after execution. 

21 (Currently Amended) The method of claim 1 7 wherein stee -the embedding (b) 
further includes th e st e p of : inserting each of the exception handlers into the linked list. 

22 (Currently Amended) The method of claim 21 further including th e st e p of : when 
an exception is raised to the operating system, handing control down the linked list until 
one of the exception handlers determines that the exception is one that the exception 
handler is designed to handle. 

23 (Currently Amended) The method of claim 22 further including tho stop of : if the 
exception is one for which the current exception handler was designed to handle, 
executing the critical code segment included in the current exception handler. 

24 (Currently Amended) The method of claim 23 further including tho stop of : if the 
exception is one for which the exception set-up handler was designed to handle, setting 
a return address for the exception set-up handler when the exception processing 
completes. 
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25 (Currently Amended) The method of claim 24 further including th e st e p of : 
modifying debug registers during -execution of the exception handlers such that any 
number of exception handlers may be daisy chained. 

26 (Currently Amended) The method of claim 1 6 wherein the embedding step-(b) 
further includes th e st e p of providing entry code for the first exception handlers to 
determine a nature of the exception. 

27 (Currently Amended) The method of claim 26 further including th e st e p of 
handling the exception if the nature of the exception is applicable to the first exception 
handler, othenwise handing exception processing to the next available exception 
handler. 

28 (Currently Amended) The method of claim 1 6 further including th e st e p of 
obfuscating the critical code segments to prevent reverse engineering. 

29 (Currently Amended) The method of claim 1 6 further including th e st e p of 
obfuscating the critical code segments to hide anti-piracy algorithms. 

30 (Currently Amended) The method of claim 1 6 further including th e st e p of 
providing code for the first exception handlers to modify a return address to be used 
after completion of the exception processing. 

31 (Currently Amended) The method of claim 30 further including tho stop of 
rearranging non-embedded code segments out of normal execution order, and setting 
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exception addresses and return addresses to ensure proper program sequencing to 
further obfuscate the program execution flow. 

32 (Currently Amended) The method of claim 1 6 further including th e st e p of 
i nc l ud i ng code within the first exception handlers to modify the exception conditions to 
support future exceptions. 

33 (Currently Amended) The method of claim 32, further including th e st e p of 
i nc l ud i ng a plurality of code segments within the first exception handler. 

34 (Currently Amended) The method of claim 33, further including th e st e p of 
selecting which of a plurality of code segments within the first exception handler should 
be executed based on the exception information. 

35 (Currently Amended) The method of claim 32, further including tho stop of 
embedding one or more first exception handlers into other first exception handlers to 
further obfuscate the program execution flow. 

36 (Currently Amended) A method for obfuscation of computer program execution 
flow to increase computer program security, the method comprising tho stops of : 

(a) partitioning the program into a plurality of non-critical code segments and 
at least one critical code segment; 

(b) obfuscating the critical code segments by embedding each of one of the 
critical code segments within a respective exception handle r, wherein 
when the computer program is executed, the critical code segments are 
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executed within the respective first exception handlers in a kernel-level 
unprotected mode, wherein an execution path of the critical code 
segments is hidden from a debugger program executing in a user-level 
protected mode : 

(c) providing a driver to set up operation of the first exception handlers; and 

(d) embedding an in-line code segment within a first non-critical code 
segment for invoking the driver when the program is executed , wherein 
when the computer program is executed, the remaining plurality of code 
segments are executed in the user-level protected mode, wherein an 
execution path of the remaining pluralitv of code segments is visible to the 
debugger program executing in the user-level protected mode . 

37 (Currently Amended) The method of claim 36 wherein the providing s tee-fc) 

further i nc l ud i ng includes tho stop of : using the driver to initiate a set-up of debug 
registers, such that the critical code segments in the exception handlers are executed at 
appropriate times during the program execution. 

38 (Currently Amended) The method of claim 37 further including th e st e p of : 
executing the driver prior to a point in the program flow where any of the critical code 
segments was removed for placement into the exception handlers. 
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39 (Currently Amended) The method of claim 37 wherein the providing s tep-(b) 
further includes th e st e p of : inserting each of the exception handlers into the linked list. 

40 (Currently Amended) The method of claim 39 further includes i nc l ud i ng th e st e p 
©f: when the exception is raised to the operating system, handing control down the 
linked list until one of the exception handlers determines that the exception is one that 
the exception handler is designed to handle. 

41 (Currently Amended) The method of claim 40 further includes i nc l ud i ng th e st e p 
Gf: if the exception is one for which the current exception handler was designed to 
handle, executing the critical code segment included in the current exception handler. 

42 (Currently Amended) The method of claim 41 further including th o st o p of : if the 
exception is one for which the exception set-up handler was designed to handle, setting 
a return address for the exception set-up handler when the exception processing 
completes. 

43 (Currently Amended) The method of claim 42 further including th e st e p of : 
modifying debug registers during execution of the exception handlers such that any 
number of exception handlers may be daisy chained. 
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44 {Currently Amended) The method of claim 36 wherein the providing s tep-(b) 
further includes th e st e p of providing entry code for the first exception handlers to 
determine a nature of the exception. 

45 (Currently Amended) The method of claim 44, further comprising th e st e p of 
handling the exception if the nature of the exception is applicable to the first exception 
handler, otherwise handing exception processing to the next available exception 

handler. 

46 (Currently Amended) The method of claim 36, further comprising th e st e p of 
selecting from the plurality of code segments the segments to obfuscate within the first 
exception handlers based on the value of obfuscating the algorithms within the 
segment. 

47 (Currently Amended) The method of claim 42, further comprising th e st e p of 
providing code for the first exception handlers to modify the return address to be used 
after completion of the exception processing 

48 (Currently Amended) The method of claim 47, further comprising tho stop of 
rearranging the remaining non-embedded code segments out of normal execution 
order, and setting exception addresses and return addresses to ensure proper program 
sequencing to further obfuscate the program execution flow. 

49 (Currently Amended) The method of claim 42, further comprising tho stop of 
including code within the first exception handlers to modify the exception conditions to 
support future exceptions. 
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50 (Currently Amended) The method of claim 49, further comprising th e st e p of 
including a plurality of code segments within the first exception handler. 

51 (Currently Amended) The method of claim 50, further comprising th e st e p of 
selecting which of a plurality of code segments within the first exception handler should 
be executed based on the exception information 

52 (Currently Amended) The method of claim 36, further comprising th e st e p of 
including additional, unrelated driver code within the driver to further obfuscate the 
operation of the program execution flow. 

53 (Currently Amended) The method of claim 42, further comprising th e st e p of 
setting up exceptions to occur within one or more first exception handlers, to be 
handled by other first exception handlers, to further obfuscate the program execution 
flow. 

54 (Currently Amended) The method of claim 53, further comprising tho stop of 
repeating the embedded exceptions within exception handlers such that the required 
exception processing occurs at a plurality of exception processing levels, to further 
obfuscate the program execution flow. 

55 (Currently Amended) A computer-readable medium containing a software 
program that is to be executed on a computer system that includes a user-level 
protected mode and a kernel-level unprotected mode, wherein the software program 
contains critical code segments to be obfuscated during program execution flow to 
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increase security of the software program, the software program comprising instructions 
for: 

(a) executing non-critical portions of the software program in the user-level 
protected mode , wherein an execution path of the non-critical portions is 
visible to a debugger program executing in the user-level protected mode : 
and 

(b) executing the critical code segments within respective exception handlers. 
in the kernel-level unprotected mode, wherein an execution path of the 

critical code segments is hidden , thoroby hiding oxocut i on of the cr i t i ca l 
codo sogmonts from a-the debugger program executing in the user-level 
protected mode . 

56 (Original) The computer-readable medium of claim 55 wherein instruction (a) 
further includes the instruction of 

(i) invoking an exception set-up handler within the software program 
that sets-up the exception handlers so that the exception handlers 
will be invoked during program execution. 



57 (Original) The computer-readable medium of claim 56 wherein instruction (a) 
further includes the instruction: 

(ii) inserting an in-line code segment in the software program, wherein the in- 
line code segment sets up and executes the exception set-up handler during program 

execution. 
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58 (Original) Tine computer-readable medium of claim 55 wherein instruction (a) 
further includes the instruction of: 

(i) invoking a kernel level driver in the software program that sets-up 

the exception handlers so that the exception handlers will be 

invoked during program execution. 



59 (Original) The computer-readable medium of claim 58 wherein instruction (a) 

further includes the instruction of: 

(ii) invoking an in-line code segment in the software program, wherein 
the in-line code segment invokes the kernel-level driver, thus 
causing the exception handlers to be invoked during program 
execution. 



60 (Original) The computer-readable medium of claim 57 further including the 
instruction of: causing the set-up handler to set-up debug registers, such that the 
critical code segments in the exception handlers are executed at appropriate times 
during the program execution. 



61 (Original) The computer-readable medium of claim 60 further including the 
instruction of: executing the in-line code segment prior to a point in the program flow 
where any of the critical code segments was removed for placement into the exception 

handlers. 
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62 (Original) Tine computer-readable medium of claim 61 further including the 
instruction of: causing the in-line code segment to install the exception set-up handler 
on an exception handler linked list for a current thread, such that when an exception 
occurs, the operating system hands control to the exception set-up handler for 
execution. 

63 (Original) The computer-readable medium of claim 62 further including the 
instruction of: removing the exception set-up handler from the linked list after execution. 

64 (Original) The computer-readable medium of claim 62 further including the 
instruction of: inserting each of the exception handlers into the linked list. 

65 (Original) The computer-readable medium of claim 64 further including the 
instruction of: when the exception is raised to the operating system, and control is 
passed down the linked list to each of the exception handlers, determining that the 
exception is one that a current exception handler is designed to handle. 

66 (Original) The computer-readable medium of claim 65 further including the 
instruction of: if the exception is one for which the current exception handler was 
designed to handle, executing the critical code segment included in the current 
exception handler. 
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67 (Original) The computer-readable medium of claim 66 further including the 
instruction of: if the exception is one for which the exception set-up handler was 
designed to handle, setting a debug register with a return address for the exception set- 
up handler when the exception processing completes. 

68 (Original) The computer-readable medium of claim 67 further including the 
instruction of: modifying debug registers during execution of the exception handlers 
such that any number of exception handlers may be daisy chained. 

69 (Currently Amended) A system for obfuscation of program execution flow, 
comprising: 

a computer system including a processor, memory, an operating system that 
provides kernel-level and user-level execution modes, and debug resources to support 
the generation and processing of exceptions at specified addresses; and 
an obfuscated program comprising, 

a plurality of non-critical code segments, such that when the 
computer system executes the program, the non-critical code 
segments are executed in the user-level execution mode, wherein 
an execution path of the non-critical code segments is visible to a 
debugger program executing in the user-level execution mode. 
a plurality of critical code segments encapsulated within respective 
exception handlers, and 
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a set-up handler for setting up the debug registers such that when 
the computer system executes the program, the exception handlers 
containing the critical code segments are executed in the kernel level 
mode , wherein an execution path of the critical code segments is 
hidden from the debuooer program executino in the user-level 
execution mode . 



19 



